/*
 * Copyright (C) 2020 Graylog, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the Server Side Public License, version 1,
 * as published by MongoDB, Inc.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Server Side Public License for more details.
 *
 * You should have received a copy of the Server Side Public License
 * along with this program. If not, see
 * <http://www.mongodb.com/licensing/server-side-public-license>.
 */
package org.graylog2.cluster.certificates;

import org.graylog.security.certutil.cert.CertificateChain;

import java.io.IOException;
import java.util.function.Consumer;
import java.util.function.Function;

public interface CertificateExchange {

    void requestCertificate(CertificateSigningRequest request) throws IOException;

    /**
     * Take every pending CSR and transform it to a valid certificate chain by using the signing function
     */
    void signPendingCertificateRequests(Function<CertificateSigningRequest, CertificateChain> signingFunction) throws IOException;

    /**
     * If the consumer fails to consume existing certificate, the certificate won't be removed and the attempt will
     * be repeated during the next poll call.
     */
    void pollCertificate(String nodeId, Consumer<CertificateChain> chainConsumer);
}
